package cn.javabb.core.shiro.realm;

import cn.javabb.core.constant.Constant;
import cn.javabb.core.entity.sys.UserDO;
import cn.javabb.core.model.StatusEnum;
import cn.javabb.core.service.sys.UserAuthService;
import cn.javabb.core.service.sys.UserService;
import cn.javabb.core.shiro.UserToken;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import javax.annotation.PostConstruct;

/**
 * @desc: 第三方登陆Realm
 * @author: javabb (javabob(a)163.com)
 * @create: 2019/11/11 17:04
 */
public class OAuthRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    @Autowired
    private UserAuthService userAuthService;

    /**
     * 赋权
     * @param principals
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    /**
     * 验证身份
     * @param token
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UserDO loginUser = null;
        String loginName = (String) token.getPrincipal();
        /*if (Validator.isEmail(loginName)) {
            loginUser = userService.findByEmail(loginName);
        } else {
            loginUser = userService.findByUserName(loginName);
        }*/
        loginUser = userService.getByUserName(loginName);
        if (loginUser == null) {
            throw new UnknownAccountException(); // 账号不存在
        }else if (loginUser.getState() == StatusEnum.ABNORMAL.getCode()) {
            throw new LockedAccountException();  // 账号被锁定
        }
        //将当前用户存入session
        SecurityUtils.getSubject().getSession().setAttribute(Constant.SESSION_USER, loginUser);
        /* 传入密码自动判断是否正确
         * 参数1：传入对象给Principal
         * 参数2：正确的用户密码  第三方登陆不需要密码
         * 参数3：加盐处理
         * 参数4：固定写法
         */
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                loginUser, "", null, getName());
        return authenticationInfo;
    }
    /**
     * 自定义密码验证匹配器
     */
    @PostConstruct
    public void initCredentialsMatcher() {
        setCredentialsMatcher(new SimpleCredentialsMatcher() {
            @Override
            public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
                UserToken token = (UserToken) authenticationToken;
                SimpleAuthenticationInfo info = (SimpleAuthenticationInfo) authenticationInfo;
                /*// 获取明文密码及密码盐
                String password = String.valueOf(token.getPassword());
                String salt = CodecSupport.toString(info.getCredentialsSalt().getBytes());*/

                return true;
            }
        });
    }
}
